
Silence group

aka: Silence, WHISPER SPIDER

A relatively new threat actor that has been operating since mid-2016. Group-IB has exposed the attacks committed by the Silence cybercriminal group. While the gang had previously targeted Russian banks, Group-IB experts have also discovered evidence of the group's activity in more than 25 countries worldwide. Group-IB has published its first detailed report on the tactics and tools employed by Silence. The hypothesis of Group-IB's security analysts is that at least one of the gang members appears to be a former or current employee of a cyber security company. The confirmed damage from Silence activity is estimated at 800 000 USD. Silence is a group of Russian-speaking hackers, judging by the language of their commands, the location of the infrastructure they used, and the geography of their targets (Russia, Ukraine, Belarus, Azerbaijan, Poland, and Kazakhstan), although phishing emails were also sent to bank employees in Central and Western Europe, Africa, and Asia. Furthermore, Silence used Russian words typed on an English keyboard layout for the commands of the employed backdoor. The hackers also used Russian-language web hosting services.


Associated Families
win.atmosphere win.silence

References
2023-07-06 ⋅ CISA ⋅ CISA
@online{cisa:20230706:increased:7ff9690, author = {CISA}, title = {{Increased Truebot Activity Infects U.S. and Canada Based Networks}}, date = {2023-07-06}, organization = {CISA}, url = {https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a}, language = {English}, urldate = {2023-07-08} } Increased Truebot Activity Infects U.S. and Canada Based Networks
Silence
2023-06-12 ⋅ The DFIR Report ⋅ Maxime Thiebaut
@online{thiebaut:20230612:truly:18a251d, author = {Maxime Thiebaut}, title = {{A Truly Graceful Wipe Out}}, date = {2023-06-12}, organization = {The DFIR Report}, url = {https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/}, language = {English}, urldate = {2023-06-12} } A Truly Graceful Wipe Out
FlawedGrace Silence
2023-06-01 ⋅ vmware ⋅ Fae Carlisle
@online{carlisle:20230601:carbon:a215566, author = {Fae Carlisle}, title = {{Carbon Black’s TrueBot Detection}}, date = {2023-06-01}, organization = {vmware}, url = {https://blogs.vmware.com/security/2023/06/carbon-blacks-truebot-detection.html}, language = {English}, urldate = {2023-07-13} } Carbon Black’s TrueBot Detection
Silence
2023-05-23 ⋅ loginsoft ⋅ Saharsh Agrawal
@online{agrawal:20230523:taming:7a77f19, author = {Saharsh Agrawal}, title = {{Taming the Storm: Understanding and Mitigating the Consequences of CVE-2023-27350}}, date = {2023-05-23}, organization = {loginsoft}, url = {https://research.loginsoft.com/threat-research/taming-the-storm-understanding-and-mitigating-the-consequences-of-cve-2023-27350/}, language = {English}, urldate = {2023-05-30} } Taming the Storm: Understanding and Mitigating the Consequences of CVE-2023-27350
Clop LockBit Silence
2023-03-31 ⋅ malware.love ⋅ Robert Giczewski
@online{giczewski:20230331:truebot:ec9e860, author = {Robert Giczewski}, title = {{TrueBot Analysis Part III - Capabilities}}, date = {2023-03-31}, organization = {malware.love}, url = {https://malware.love/malware_analysis/reverse_engineering/2023/03/31/analyzing-truebot-capabilities.html}, language = {English}, urldate = {2023-04-03} } TrueBot Analysis Part III - Capabilities
Silence
2023-03-30 ⋅ IBM ⋅ John Dwyer, Fred Chidsey, Joseph Lozowski
@online{dwyer:20230330:xforce:75bb496, author = {John Dwyer and Fred Chidsey and Joseph Lozowski}, title = {{X-Force Prevents Zero Day from Going Anywhere}}, date = {2023-03-30}, organization = {IBM}, url = {https://securityintelligence.com/posts/x-force-prevents-zero-day-from-going-anywhere}, language = {English}, urldate = {2023-04-06} } X-Force Prevents Zero Day from Going Anywhere
Silence
2023-02-27 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT
@techreport{prodaft:20230227:rig:72076aa, author = {PRODAFT}, title = {{RIG Exploit Kit: In-Depth Analysis}}, date = {2023-02-27}, institution = {PRODAFT Threat Intelligence}, url = {https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf}, language = {English}, urldate = {2023-05-08} } RIG Exploit Kit: In-Depth Analysis
Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader
2023-02-18 ⋅ malware.love ⋅ Robert Giczewski
@online{giczewski:20230218:truebot:f49edbb, author = {Robert Giczewski}, title = {{TrueBot Analysis Part II - Static unpacker}}, date = {2023-02-18}, organization = {malware.love}, url = {https://malware.love/malware_analysis/reverse_engineering/2023/02/18/analyzing-truebot-static-unpacking.html}, language = {English}, urldate = {2023-02-21} } TrueBot Analysis Part II - Static unpacker
Silence
2023-02-12 ⋅ malware.love ⋅ Robert Giczewski
@online{giczewski:20230212:truebot:80ae897, author = {Robert Giczewski}, title = {{TrueBot Analysis Part I - A short glimpse into packed TrueBot samples}}, date = {2023-02-12}, organization = {malware.love}, url = {https://malware.love/malware_analysis/reverse_engineering/2023/02/12/analyzing-truebot-packer.html}, language = {English}, urldate = {2023-02-21} } TrueBot Analysis Part I - A short glimpse into packed TrueBot samples
Silence
2023-02-08 ⋅ Huntress Labs ⋅ Joe Slowik, Matt Anderson
@online{slowik:20230208:investigating:4b8fbaf, author = {Joe Slowik and Matt Anderson}, title = {{Investigating Intrusions From Intriguing Exploits}}, date = {2023-02-08}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/investigating-intrusions-from-intriguing-exploits}, language = {English}, urldate = {2023-04-06} } Investigating Intrusions From Intriguing Exploits
Silence
2022-12-08 ⋅ Cisco Talos ⋅ Tiago Pereira
@online{pereira:20221208:breaking:7f00030, author = {Tiago Pereira}, title = {{Breaking the silence - Recent Truebot activity}}, date = {2022-12-08}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/}, language = {English}, urldate = {2022-12-12} } Breaking the silence - Recent Truebot activity
Clop Cobalt Strike FlawedGrace Raspberry Robin Silence Teleport
2020-12-14 ⋅ Blueliv ⋅ Alberto Marín, Carlos Rubio, Blueliv Labs Team
@online{marn:20201214:using:e81621e, author = {Alberto Marín and Carlos Rubio and Blueliv Labs Team}, title = {{Using Qiling Framework to Unpack TA505 packed samples}}, date = {2020-12-14}, organization = {Blueliv}, url = {https://outpost24.com/blog/using-qiling-framework-to-unpack-ta505-packed-samples/}, language = {English}, urldate = {2023-08-03} } Using Qiling Framework to Unpack TA505 packed samples
AndroMut Azorult Silence TinyMet
2020-07-21 ⋅ YouTube (OPCDE with Matt Suiche) ⋅ Mohamad Mokbel
@online{mokbel:20200721:vopcde:26d48d0, author = {Mohamad Mokbel}, title = {{vOPCDE #9 - A Journey into Malware HTTP Communication Channels Spectacles (Mohamad Mokbel)}}, date = {2020-07-21}, organization = {YouTube ( OPCDE with Matt Suiche)}, url = {https://www.youtube.com/watch?v=FttiysUZmDw}, language = {English}, urldate = {2021-10-24} } vOPCDE #9 - A Journey into Malware HTTP Communication Channels Spectacles (Mohamad Mokbel)
Alureon Aytoke Cobra Carbon System CROSSWALK danbot ProtonBot Silence
2020-06-22 ⋅ CERT-FR ⋅ CERT-FR
@techreport{certfr:20200622:volution:fba1cfa, author = {CERT-FR}, title = {{Évolution De Lactivité du Groupe Cybercriminel TA505}}, date = {2020-06-22}, institution = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-006.pdf}, language = {French}, urldate = {2020-06-24} } Évolution De Lactivité du Groupe Cybercriminel TA505
Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot
2020-04-23 ⋅ CERT-FR ⋅ CERT-FR
@techreport{certfr:20200423:le:4dbca96, author = {CERT-FR}, title = {{LE GROUPE CYBERCRIMINEL SILENCE}}, date = {2020-04-23}, institution = {CERT-FR}, url = {https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-004.pdf}, language = {French}, urldate = {2020-05-07} } LE GROUPE CYBERCRIMINEL SILENCE
Silence
2020-03-26 ⋅ Telekom ⋅ Thomas Barabosch
@online{barabosch:20200326:ta505s:24d9805, author = {Thomas Barabosch}, title = {{TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer}}, date = {2020-03-26}, organization = {Telekom}, url = {https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-s-box-of-chocolate-597672}, language = {English}, urldate = {2020-03-27} } TA505's Box of Chocolate - On Hidden Gems packed with the TA505 Packer
Amadey Azorult Clop FlawedGrace Get2 SDBbot Silence TinyMet TA505
2020-01-13 ⋅ Github (Tera0017) ⋅ Tera0017
@online{tera0017:20200113:tafof:d939bc6, author = {Tera0017}, title = {{TAFOF Unpacker}}, date = {2020-01-13}, organization = {Github (Tera0017)}, url = {https://github.com/Tera0017/TAFOF-Unpacker}, language = {English}, urldate = {2020-03-30} } TAFOF Unpacker
Clop Get2 Silence
2019-08 ⋅ Group-IB ⋅ Group-IB
@techreport{groupib:201908:silence:1845381, author = {Group-IB}, title = {{Silence 2.0 - Going Global}}, date = {2019-08}, institution = {Group-IB}, url = {https://www.group-ib.com/resources/threat-research/silence_2.0.going_global.pdf}, language = {English}, urldate = {2019-12-17} } Silence 2.0 - Going Global
Silence
2019-08 ⋅ Group-IB ⋅ Group-IB
@online{groupib:201908:attacks:9da5611, author = {Group-IB}, title = {{Attacks by Silence}}, date = {2019-08}, organization = {Group-IB}, url = {https://www.group-ib.com/resources/threat-research/silence.html}, language = {English}, urldate = {2020-01-07} } Attacks by Silence
Silence DDoS Kikothac Silence
2019-02-11 ⋅ One Night in Norfolk ⋅ Kevin Perlow
@online{perlow:20190211:how:05b5d9a, author = {Kevin Perlow}, title = {{How the Silence Downloader Has Evolved Over Time}}, date = {2019-02-11}, organization = {One Night in Norfolk}, url = {https://norfolkinfosec.com/how-the-silence-downloader-has-evolved-over-time/}, language = {English}, urldate = {2020-05-19} } How the Silence Downloader Has Evolved Over Time
Silence
2019-02-06 ⋅ One Night in Norfolk ⋅ Kevin Perlow
@online{perlow:20190206:some:8835f31, author = {Kevin Perlow}, title = {{Some Notes on the Silence Proxy}}, date = {2019-02-06}, organization = {One Night in Norfolk}, url = {https://norfolkinfosec.com/some-notes-on-the-silence-proxy/}, language = {English}, urldate = {2020-05-19} } Some Notes on the Silence Proxy
Silence
2019-01-24 ⋅ Reaqta ⋅ Reaqta
@online{reaqta:20190124:silence:08baddd, author = {Reaqta}, title = {{Silence group targeting Russian Banks via Malicious CHM}}, date = {2019-01-24}, organization = {Reaqta}, url = {https://reaqta.com/2019/01/silence-group-targeting-russian-banks/}, language = {English}, urldate = {2019-11-28} } Silence group targeting Russian Banks via Malicious CHM
Silence Silence group
2018-09-05 ⋅ Group-IB ⋅ Group-IB
@online{groupib:20180905:silence:6886d17, author = {Group-IB}, title = {{Silence: Moving into the Darkside}}, date = {2018-09-05}, organization = {Group-IB}, url = {https://www.group-ib.com/blog/silence}, language = {English}, urldate = {2019-12-18} } Silence: Moving into the Darkside
Silence group
2018-09-05 ⋅ ZDNet ⋅ Catalin Cimpanu
@online{cimpanu:20180905:new:c1c9e19, author = {Catalin Cimpanu}, title = {{New Silence hacking group suspected of having ties to cyber-security industry}}, date = {2018-09-05}, organization = {ZDNet}, url = {https://www.zdnet.com/article/new-silence-hacking-group-suspected-of-having-ties-to-cyber-security-industry/}, language = {English}, urldate = {2019-12-19} } New Silence hacking group suspected of having ties to cyber-security industry
Atmosphere
2017-11-01 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20171101:silence:b22eae0, author = {GReAT}, title = {{Silence – a new Trojan attacking financial organizations}}, date = {2017-11-01}, organization = {Kaspersky Labs}, url = {https://securelist.com/the-silence/83009/}, language = {English}, urldate = {2019-12-20} } Silence – a new Trojan attacking financial organizations
Silence Silence group
2017-11-01 ⋅ Intezer ⋅ Jay Rosenberg
@online{rosenberg:20171101:silence:087cfb3, author = {Jay Rosenberg}, title = {{Silence of the Moles}}, date = {2017-11-01}, organization = {Intezer}, url = {http://www.intezer.com/silenceofthemoles/}, language = {English}, urldate = {2019-11-27} } Silence of the Moles
Silence

Credits: MISP Project